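<?php
// Edit-goods handler: updates one row of the `goods` table from request
// parameters, redirects to goodslist.php on success, and renders a generic
// error page otherwise.
//
// All processing runs before any markup is emitted. header() can only take
// effect while no output has been sent, so with the HTML first the redirect
// worked only if output buffering happened to be enabled.
//
// NOTE(review): this is a state-changing endpoint that reads $_REQUEST, so it
// also accepts GET and can be triggered by a cross-site request. Once the
// calling form is confirmed to submit via POST, restrict the method to POST
// and verify a CSRF token here.
// NOTE(review): no authentication or authorization check is visible in this
// file; confirm that dbconnect.php or the surrounding application enforces
// an admin session before this code runs.

// require (not include) so that a missing connection file stops the script
// here instead of failing later on an undefined $conn.
require '../dbconnect.php';

// Read request parameters. Numeric fields are cast; missing fields get defaults.
$gid = isset($_REQUEST['gid']) ? intval($_REQUEST['gid']) : 0;
$goods_name = isset($_REQUEST['goods_name']) ? $_REQUEST['goods_name'] : '';
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
$old_price = isset($_REQUEST['old_price']) ? floatval($_REQUEST['old_price']) : 0.0;
$price = isset($_REQUEST['price']) ? floatval($_REQUEST['price']) : 0.0;
$desc = isset($_REQUEST['desc']) ? $_REQUEST['desc'] : '';

// NOTE(review): the string fields (including the picture value) are stored
// exactly as received. The prepared statement covers SQL injection only;
// whatever page renders these columns must HTML-escape them, and the picture
// value should be validated against the expected path or URL form.
$picture = isset($_REQUEST['picture']) ? $_REQUEST['picture'] : '';

$updated = false;

// A missing or non-numeric gid becomes 0 after intval(). Treat that as an
// error rather than running an UPDATE that matches nothing and then
// redirecting as if it had succeeded.
// Assumes GOODS_ID values are positive; confirm against the schema.
if ($gid > 0) {
    // Prepared statement keeps the request values out of the SQL text.
    $sql = "UPDATE goods SET GOODS_NAME = ?, GOODS_TYPE = ?, GOODS_PRICE = ?, GOODS_OLD_PRICE = ?, GOODS_DESC = ?, GOODS_PICTURE = ? WHERE GOODS_ID = ?";

    try {
        // $conn is presumably the mysqli connection created by dbconnect.php.
        $stmt = $conn->prepare($sql);

        // prepare() returns false on failure when mysqli is not in exception
        // mode; calling bind_param() on false would be a fatal error.
        if ($stmt !== false) {
            // Types: s = string, d = double, i = integer, in placeholder order.
            $stmt->bind_param("ssddssi", $goods_name, $type, $price, $old_price, $desc, $picture, $gid);
            $updated = $stmt->execute();
            $stmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        // In exception mode mysqli throws instead of returning false. Keep the
        // details in the server log and show only the generic message below.
        error_log($e->getMessage());
        $updated = false;
    }
}

$conn->close();

if ($updated) {
    header("Location: goodslist.php");
    // Stop here so nothing else is sent after the redirect header.
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Edit goods</title>
  <!-- Bootstrap core CSS -->
  <link href="./css/bootstrap.min.css" rel="stylesheet">

  <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
  <!-- <link href="../../assets/css/ie10-viewport-bug-workaround.css" rel="stylesheet"> -->

  <!-- Custom styles for this template -->
  <link href="./css/navbar-fixed-top.css" rel="stylesheet">
  <script src="../js/jquery.js"></script>
</head>
<body>
<p>Error: Update info error!</p>
</body>
</html>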